Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fkL5qpHFODs-cnVy67GVWRqHYM4.cer
File:                     fkL5qpHFODs-cnVy67GVWRqHYM4.cer (raw, json)
Hash identifier:          +SOUIBVen71srJUY7kdfec/NKF5B0ACLp2rPbeW3r7g=
Subject key identifier:   7E:42:F9:AA:91:C5:38:3B:3E:72:75:72:EB:B1:95:59:1A:87:60:CE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C3870A034E69D4DE778B4E34F5A72
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/fkL5qpHFODs-cnVy67GVWRqHYM4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:50 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.201.48.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Mar 2025 12:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:38:70:a0:34:e6:9d:4d:e7:78:b4:e3:4f:5a:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e42f9aa91c5383b3e727572ebb195591a8760ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:91:b1:f1:26:d1:e6:88:38:67:27:d9:32:61:
                    15:ec:fd:29:36:fc:40:07:3a:a6:ad:8c:71:b1:fd:
                    16:01:3a:f4:66:bb:84:f8:f9:f3:f6:f8:70:6a:45:
                    23:9a:dc:af:69:ca:10:ac:8f:bf:00:d2:7c:35:0a:
                    2d:6a:40:6c:d6:87:ad:0a:7d:54:37:0f:30:57:fa:
                    60:ce:24:de:9a:08:a2:f6:54:c7:fd:79:99:cf:74:
                    b4:43:9e:b6:3c:a6:8d:e1:eb:a5:e6:e1:cf:85:2b:
                    66:76:5c:23:0c:e8:fa:d1:5f:2d:2f:42:84:1a:ab:
                    17:12:7e:ad:ce:84:d5:fb:2a:ce:ac:0a:62:70:35:
                    f5:55:b6:16:08:f2:80:d1:30:83:d4:e6:17:65:33:
                    48:e3:2d:c4:96:ae:82:bd:3e:c0:1a:77:d3:59:19:
                    8a:cf:16:ee:24:22:cb:d8:49:53:6b:b2:5a:6f:d9:
                    61:90:23:f7:68:4b:0c:31:c2:13:ab:db:90:3e:c7:
                    6d:4e:13:45:04:c9:e5:a0:c8:74:7c:98:19:5e:5b:
                    f1:a5:5c:a6:4d:d4:dc:fe:7c:74:a8:80:66:3c:a0:
                    db:66:73:28:2c:6a:18:ee:48:0e:a0:9e:ee:9b:cf:
                    2e:40:a2:9f:fb:68:59:d9:d3:6d:01:73:6a:76:de:
                    72:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:42:F9:AA:91:C5:38:3B:3E:72:75:72:EB:B1:95:59:1A:87:60:CE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/81d8dd-4cd3-4378-b067-7cd472864bf8/1/fkL5qpHFODs-cnVy67GVWRqHYM4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:a1:11:76:5f:8e:fc:36:7a:2f:fb:67:76:fb:18:fd:74:02:
         b4:ec:42:7d:c3:1c:59:c7:2c:29:94:26:23:18:3b:a7:7d:0f:
         f6:cf:cb:b4:be:b5:ab:93:5f:51:b4:b5:0b:57:a0:e4:25:cc:
         3e:f5:38:09:a2:f6:20:87:51:c8:3c:0f:b2:10:1a:59:93:a0:
         d9:10:41:7c:5d:6f:a3:ec:b8:ae:1b:33:58:e9:c1:56:2d:ac:
         b7:da:38:48:de:9f:fd:7d:6e:c5:88:b0:be:87:9a:f6:df:16:
         fe:9b:3e:d8:ef:00:df:dd:12:06:78:d4:24:c1:37:33:f4:77:
         36:a3:cd:c9:af:6f:a6:da:87:f3:b6:ee:04:b5:16:d2:10:36:
         9f:4c:b7:ac:ea:4f:4b:c2:37:39:19:79:fc:cb:70:9c:11:a0:
         90:76:74:71:3c:fd:a4:41:78:2d:26:e1:84:94:3c:12:06:88:
         42:27:8b:de:d8:b2:05:4d:16:fb:bd:cc:6f:3a:c2:ca:b5:9e:
         ab:ef:70:e3:21:30:23:f5:59:14:89:20:0d:d7:b9:8e:4d:bc:
         41:45:f4:d9:52:92:e5:e5:93:9f:44:16:65:01:bd:2e:6b:03:
         42:04:d1:c3:ed:c8:7b:a2:83:e9:d0:9d:0d:3e:5a:44:d7:52:
         98:60:a8:44
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQfjDhwoDTmnU3neLTjT1pyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQyZjlhYTkxYzUzODNiM2U3Mjc1NzJlYmIxOTU1OTFhODc2MGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspGx8SbR5og4ZyfZMmEV7P0pNvxA
BzqmrYxxsf0WATr0ZruE+Pnz9vhwakUjmtyvacoQrI+/ANJ8NQotakBs1oetCn1U
Nw8wV/pgziTemgii9lTH/XmZz3S0Q562PKaN4eul5uHPhStmdlwjDOj60V8tL0KE
GqsXEn6tzoTV+yrOrApicDX1VbYWCPKA0TCD1OYXZTNI4y3Elq6CvT7AGnfTWRmK
zxbuJCLL2ElTa7Jab9lhkCP3aEsMMcITq9uQPsdtThNFBMnloMh0fJgZXlvxpVym
TdTc/nx0qIBmPKDbZnMoLGoY7kgOoJ7um88uQKKf+2hZ2dNtAXNqdt5yrwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFH5C+aqRxTg7PnJ1cuuxlVkah2DOMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIwLzgxZDhk
ZC00Y2QzLTQzNzgtYjA2Ny03Y2Q0NzI4NjRiZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvODFkOGRk
LTRjZDMtNDM3OC1iMDY3LTdjZDQ3Mjg2NGJmOC8xL2ZrTDVxcEhGT0RzLWNuVnk2
N0dWV1JxSFlNNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwckwMA0GCSqGSIb3DQEBCwUAA4IBAQBZoRF2
X478Nnov+2d2+xj9dAK07EJ9wxxZxywplCYjGDunfQ/2z8u0vrWrk19RtLULV6Dk
Jcw+9TgJovYgh1HIPA+yEBpZk6DZEEF8XW+j7LiuGzNY6cFWLay32jhI3p/9fW7F
iLC+h5r23xb+mz7Y7wDf3RIGeNQkwTcz9Hc2o83Jr2+m2ofztu4EtRbSEDafTLes
6k9Lwjc5GXn8y3CcEaCQdnRxPP2kQXgtJuGElDwSBohCJ4ve2LIFTRb7vcxvOsLK
tZ6r73DjITAj9VkUiSAN17mOTbxBRfTZUpLl5ZOfRBZlAb0uawNCBNHD7ch7ooPp
0J0NPlpE11KYYKhE
-----END CERTIFICATE-----